Microsoft Windows 7 Service Pack 1 vulnerabilities
817 known vulnerabilities affecting microsoft/windows_7_service_pack_1.
Total CVEs
817
CISA KEV
28
actively exploited
Public exploits
22
Exploited in wild
34
Severity breakdown
CRITICAL25HIGH615MEDIUM176LOW1
Vulnerabilities
Page 37 of 41
CVE-2020-1530HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1530 [HIGH] CVE-2020-1530: An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.
An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how Windows Remote
nvd
CVE-2020-1558HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1558 [HIGH] CVE-2020-1558: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
nvd
CVE-2020-1551HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1551 [HIGH] CVE-2020-1551: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1557HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1557 [HIGH] CVE-2020-1557: A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerabili
nvd
CVE-2020-1337HIGHCVSS 7.8PoC≥ 6.1.0, < publication2020-08-17
CVE-2020-1337 [HIGH] CWE-367 CVE-2020-1337: An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly all
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts wit
nvd
CVE-2020-1379HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1379 [HIGH] CWE-787 CVE-2020-1379: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincin
nvd
CVE-2020-1539HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1539 [HIGH] CVE-2020-1539: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1515HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1515 [HIGH] CVE-2020-1515: An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles
An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Wind
nvd
CVE-2020-1489HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1489 [HIGH] CVE-2020-1489: An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memor
An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Windows
nvd
CVE-2020-1544HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1544 [HIGH] CVE-2020-1544: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1562HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1562 [HIGH] CVE-2020-1562: A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle ob
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.
To exploit the vulnerability, a user would have to open a specially crafted file.
The security update addresses the vulnerability by correct
nvd
CVE-2020-1535HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1535 [HIGH] CVE-2020-1535: An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles mem
An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.
To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
The security update addresses the vulnerability by correcting how the Window
nvd
CVE-2020-1552HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1552 [HIGH] CVE-2020-1552: An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handl
An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
An attacker could exploit this vulnerability by running a specially crafted application on the victim system.
The update addresses the vulner
nvd
CVE-2020-1520HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1520 [HIGH] CVE-2020-1520: A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles me
A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.
An attacker who successfully exploited the vulnerability would gain execution on a victim system.
The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory.
nvd
CVE-2020-1486HIGHCVSS 7.8≥ 6.1.0, < publication2020-08-17
CVE-2020-1486 [HIGH] CVE-2020-1486: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle obje
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, a
nvd
CVE-2020-1464MEDIUMCVSS 5.5KEV≥ 6.1.0, < publication2020-08-17
CVE-2020-1464 [MEDIUM] CWE-347 CVE-2020-1464: A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files.
In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update address
nvd
CVE-2020-1485MEDIUMCVSS 5.5≥ 6.1.0, < publication2020-08-17
CVE-2020-1485 [MEDIUM] CVE-2020-1485: An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service impr
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera,
nvd
CVE-2020-1577MEDIUMCVSS 6.5≥ 6.1.0, < publication2020-08-17
CVE-2020-1577 [MEDIUM] CVE-2020-1577: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted
nvd
CVE-2020-1474MEDIUMCVSS 5.5≥ 6.1.0, < publication2020-08-17
CVE-2020-1474 [MEDIUM] CVE-2020-1474: An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service impr
An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an authenticated attacker could connect an imaging device (camera,
nvd
CVE-2020-1383MEDIUMCVSS 5.5≥ 6.1.0, < publication2020-08-17
CVE-2020-1383 [MEDIUM] CVE-2020-1383: An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access en
An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system
To exploit this vulnerability, an attacker would need to run a specially crafted application against an RPC server which has Routin
nvd